11126566

Method and Apparatus for Sharing Security Metadata Memory Space

Published: September 21, 2021
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
21 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A system, comprising: system memory circuitry; enclave memory circuitry; and memory controller circuitry communicatively coupled to the system memory circuitry and to the enclave memory circuitry, the memory controller circuitry to: encrypt a first memory page of a plurality of memory pages stored in the system memory circuitry using a first encryption method, the first encryption method having a first metadata associated therewith, the first metadata including a first message authentication code calculated using a first technique; store the first metadata in a memory location associated with the first memory page; transfer the first memory page of the plurality of memory pages from the system memory circuitry to the enclave memory circuitry responsive to receipt of a request from an operating system executed by processor circuitry communicatively coupled to the memory controller circuitry; encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using a second encryption method different from the first encryption method, the second encryption method having a second metadata associated therewith, the second metadata including a second message authentication code calculated using a second technique; and replace at least a portion of the first metadata, stored in the memory location and including the first message authentication code calculated using the first technique, with at least a portion of the second metadata including the second message authentication code calculated using the second technique.

2. The system of claim 1, the memory controller circuitry to further: transfer the first memory page from the enclave memory circuitry to the system memory circuitry responsive to receipt of a request from the operating system executed by the processor circuitry; encrypt the first memory page transferred from the enclave memory circuitry to the system memory circuitry using the first encryption method; and replace at least a portion of the second metadata, stored in the memory location and including the second message authentication code calculated using the second technique, with at least a portion of the first metadata.

3. The system of claim 1, wherein the first encryption method includes a Total Memory Encryption and integrity (TMEi) encryption method.

4. The system of claim 3, wherein the first metadata includes Total Memory Encryption and integrity Message Authentication Codes (TMEi-MACs).

5. The system of claim 1, wherein the second encryption method includes a Memory Encryption Engine (MEE) encryption method.

6. The system of claim 5, wherein the second metadata includes Memory Encryption Engine counter data.

7. The system of claim 6, wherein the second metadata further includes Memory Encryption Engine Message Authentication Codes.

8. An encryption method, comprising: encrypting, by memory controller circuitry, a first memory page of a plurality of memory pages stored in system memory circuitry using a first encryption method, the first encryption method having a first metadata associated therewith, the first metadata including a first message authentication code calculated using a first technique; storing, by the memory controller circuitry, the first metadata in a memory location associated with the first memory page; transferring, by the memory controller circuitry, the first memory page of the plurality of memory pages from the system memory circuitry to enclave memory circuitry responsive to receipt of a request from an operating system executed by processor circuitry communicatively coupled to the memory controller circuitry; encrypting, by the memory controller circuitry, the first memory page transferred from the system memory circuitry to the enclave memory circuitry using a second encryption method different from the first encryption method, the second encryption method having a second metadata associated therewith, the second metadata including a second message authentication code calculated using a second technique; and replacing, by the memory controller circuitry, at least a portion of the first metadata, stored in the memory location and including the first message authentication code calculated using the first technique, with at least a portion of the second metadata including the second message authentication code calculated using the second technique.

9. The method of claim 8, further comprising: transferring, by the memory controller circuitry, the first memory page from the enclave memory circuitry to the system memory circuitry responsive to receipt of a request from the operating system executed by the processor circuitry; encrypting, by the memory controller circuitry, the first memory page transferred from the enclave memory circuitry to the system memory circuitry using the first encryption method; and replacing, by the memory controller circuitry, at least a portion of the second metadata, stored in the memory location and including the second message authentication code calculated using the second technique, with at least a portion of the first metadata.

10. The method of claim 8, wherein the encrypting the first memory page of the plurality of memory pages stored in the system memory circuitry using the first encryption method further comprises: encrypting, by the memory controller circuitry, the first memory page of the plurality of memory pages stored in the system memory circuitry using a Total Memory Encryption and integrity (TMEi) encryption method.

11. The method of claim 10, wherein the encrypting the first memory page of the plurality of memory pages stored in the system memory circuitry using the first encryption method further comprises: encrypting, by the memory controller circuitry, the first memory page of the plurality of memory pages stored in the system memory circuitry using the Total Memory Encryption and integrity (TMEi) encryption method, wherein the first metadata includes Total Memory Encryption and integrity Message Authentication Codes (TMEi-MACs).

12. The method of claim 8, wherein the encrypting the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further comprises: encrypting, by the memory controller circuitry, the first memory page transferred from the system memory circuitry to the enclave memory circuitry using a Memory Encryption Engine (MEE) encryption method.

13. The method of claim 12, wherein the encrypting the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further comprises: encrypting, by the memory controller circuitry, the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the Memory Encryption Engine (MEE) encryption method, wherein the second metadata includes Memory Encryption Engine counter data.

14. The method of claim 13, wherein the encrypting the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further comprises: encrypting, by the memory controller circuitry, the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the Memory Encryption Engine (MEE) encryption method, wherein the second metadata further includes Memory Encryption Engine Message Authentication Codes.

15. A non-transitory storage device that includes instructions that, when executed by controller circuitry, causes the controller circuitry to: encrypt a first memory page of a plurality of memory pages stored in system memory circuitry using a first encryption method, the first encryption method having a first metadata associated therewith, the first metadata including a first message authentication code calculated using a first technique; store the first metadata in a memory location associated with the first memory page; transfer the first memory page of the plurality of memory pages from the system memory circuitry to enclave memory circuitry responsive to receipt of a request from an operating system executed by processor circuitry communicatively coupled to the controller circuitry; encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using a second encryption method different from the first encryption method, the second encryption method having a second metadata associated therewith, the second metadata including a second message authentication code calculated using a second technique; and replace at least a portion of the first metadata, stored in the memory location and including the first message authentication code calculated using the first technique, with at least a portion of the second metadata including the second message authentication code calculated using the second technique.

16. The non-transitory storage device of claim 15, wherein the instructions further cause the controller circuitry to: transfer the first memory page from the enclave memory circuitry to the system memory circuitry responsive to receipt of a request from the operating system executed by the processor circuitry; encrypt the first memory page transferred from the enclave memory circuitry to the system memory circuitry using the first encryption method; and replace at least a portion of the second metadata, stored in the memory location and including the second message authentication code calculated using the second technique, with at least a portion of the first metadata.

17. The non-transitory storage device of claim 15, wherein the instructions that cause the controller circuitry to encrypt the first memory page of the plurality of memory pages stored in the system memory circuitry using the first encryption method further cause the controller circuitry to: encrypt the first memory page of the plurality of memory pages stored in the system memory circuitry using a Total Memory Encryption and integrity (TMEi) encryption method.

18. The non-transitory storage device of claim 17, wherein the instructions that cause the controller circuitry to encrypt the first memory page of the plurality of memory pages stored in the system memory circuitry using the first encryption method further cause the controller circuitry to: encrypt the first memory page of the plurality of memory pages stored in the system memory circuitry using the Total Memory Encryption and integrity (TMEi) encryption method, wherein the first metadata includes Total Memory Encryption and integrity Message Authentication Codes (TMEi-MACs).

19. The non-transitory storage device of claim 15, wherein the instructions that cause the controller circuitry to encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further cause the controller circuitry to: encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using a Memory Encryption Engine (MEE) encryption method.

20. The non-transitory storage device of claim 19, wherein the instructions that cause the controller circuitry to encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further cause the controller circuitry to: encrypting, by the controller circuitry, the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the Memory Encryption Engine (MEE) encryption method, wherein the second metadata includes Memory Encryption Engine counter data.

21. The non-transitory storage device of claim 20, wherein the instructions that cause the controller circuitry to encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the second encryption method further cause the controller circuitry to: encrypt the first memory page transferred from the system memory circuitry to the enclave memory circuitry using the Memory Encryption Engine (MEE) encryption method, wherein the second metadata further includes Memory Encryption Engine Message Authentication Codes.
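
Added example (not part of the patent text or any vendor implementation): a software model of the shared metadata slot described in claims 1, 2, 6 and 7, where one per-page location holds either the first method's MAC or the second method's counter and MAC, and is overwritten on each transfer. The class and method names, the constructed keys, the SHA-256 XOR keystream and the truncated HMAC are all assumptions standing in for the hardware ciphers and MAC techniques, which the claims do not specify.

```python
import hashlib, hmac

def _b(n):
    return n.to_bytes(8, "big")

def _crypt(key, addr, ctr, data):
    # Toy XOR keystream from SHA-256; a stand-in for the hardware ciphers.
    ks = b"".join(hashlib.sha256(key + _b(addr) + _b(ctr) + _b(i)).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, ks))

def _mac(key, *parts):
    # Truncated HMAC-SHA256 as a stand-in for either MAC technique.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]

class Controller:
    """Hypothetical controller model: ONE metadata slot per page address."""
    def __init__(self):
        self.k_sys, self.k_enc = b"S" * 32, b"E" * 32  # constructed keys
        self.data, self.slot, self.next_ctr = {}, {}, 1

    def _store(self, addr, plain, enclave):
        if enclave:   # second method: counter data plus a MAC that binds it
            ctr, self.next_ctr = self.next_ctr, self.next_ctr + 1
            ct = _crypt(self.k_enc, addr, ctr, plain)
            meta = ("enclave", ctr, _mac(self.k_enc, _b(addr), _b(ctr), ct))
        else:         # first method: MAC over address and ciphertext only
            ct = _crypt(self.k_sys, addr, 0, plain)
            meta = ("system", None, _mac(self.k_sys, _b(addr), ct))
        self.data[addr], self.slot[addr] = ct, meta  # slot is overwritten

    def read(self, addr):
        mode, ctr, mac = self.slot[addr]
        ct = self.data[addr]
        if mode == "enclave":
            key, want = self.k_enc, _mac(self.k_enc, _b(addr), _b(ctr), ct)
        else:
            key, want = self.k_sys, _mac(self.k_sys, _b(addr), ct)
        if not hmac.compare_digest(mac, want):
            raise ValueError("integrity check failed")
        return _crypt(key, addr, ctr or 0, ct)

    def write_system(self, addr, plain):
        self._store(addr, plain, enclave=False)

    def move(self, addr, to_enclave):
        # Verify under the current method, then re-encrypt under the other.
        self._store(addr, self.read(addr), enclave=to_enclave)
```

In this model a stale first-method MAC written back into the slot after a transfer fails verification, because the ciphertext it covered has been replaced.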

Patent Metadata

Filing Date

Unknown

Publication Date

September 21, 2021

Inventors

SIDDHARTHA CHHABRA
DAVID M. DURHAM

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHOD AND APPARATUS FOR SHARING SECURITY METADATA MEMORY SPACE” (11126566). https://patentable.app/patents/11126566
